scottp at dd.com.au
Thu Jan 31 00:29:36 CST 2002
On Thursday, January 31, 2002, at 06:09 , Andrew Gray wrote:
> What I want to do, is remotely control some of the functions on a
> server. To
> this end, I can do it using sockets and loading a client program and
> all works OK, but I think to be secure I need to encrypt the message I
> passing between the servers (call me paranoid, but I don't really trust
> Telstra's network that much ....)
> From how I understand it, MD5 encryption lets you hash a message with a
> given key, and then using the same key, unencrypt the message at the
> end. Is this right? or is it a one way encryption like crypt()?
> Having read the synopsis from www.cpan.org I can see how to hash the
> given a key string, but nowhere can I see how to unencrypt at the other
> of the transmission.
> OR are there any other two way encryption modules around that I could

Personally I prefer to do it using SSL, that way the encoding is
standard and well understood.

However that can be a lot of work, so in some cases what I have done is
to use SSH port forwarding.

So what you do is on your client side (where your Perl script runs)
connect (sockets) to localhost, some port number you choose.
SSH, meanwhile, has been set up (using RSA keys etc.) by the system admin -
separately controlled from your Perl code.
On connecting to localhost:someport it forwards it to

You also need to make sure that your server is set up with the daemon
(the server script) so that it only accepts connections from localhost
(bind to localhost only) - and I also recommend restricting that port
even more with iptables.

Why this approach?

1. My Perl code does not have to know anything about security or
2. I can test the code without any encryption.
3. I am not going to make a crypto mistake - SSH is well proven
technology and checked for security holes all the time.
4. When updates to how security is done are made you don't have to
update your then legacy Perl code.

One point though - this does not protect your server or client machine
from prying eyes. However having encryption end to end does not really
solve that either because you are going to have the streams unencrypted
in memory anyway.

Open source and Linux Developer
scottp at dd.com.au
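
The setup described in the message above, as an added example that is not part of the original post: a Perl daemon bound to loopback only and a client that connects to a local port. The port numbers, the host name `server.example.com`, the `tunnel` account and the `STATUS` command are assumptions made for illustration; the script runs both ends on one machine without the tunnel, which is the "test without any encryption" case.

```perl
#!/usr/bin/perl
# Added example, not code from the original post. Names and ports are made up.
# In production the admin sets up the tunnel outside this code, for example:
#   ssh -N -L 9000:127.0.0.1:9001 tunnel@server.example.com
# The client then uses localhost:9000 and the daemon listens on 127.0.0.1:9001.
# Here both ends run locally with no tunnel, so the code is tested unencrypted.
use strict;
use warnings;
use IO::Socket::INET;

# Daemon side: bind to loopback only, so nothing off-box can connect directly.
# With the tunnel in place, the only remote path in is sshd's forwarded socket.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 0,              # 0 = ephemeral port, for this demo only
    Proto     => 'tcp',
    Listen    => 5,
    ReuseAddr => 1,
) or die "listen failed: $!";
my $port = $listener->sockport;

my $pid = fork();
die "fork failed: $!" unless defined $pid;

if ($pid == 0) {                 # child process: the server daemon
    my $conn = $listener->accept or die "accept failed: $!";
    # Defence in depth: refuse any peer that is not loopback.
    if ($conn->peerhost ne '127.0.0.1') { close $conn; exit 1 }
    my $cmd = <$conn>;
    $cmd = '' unless defined $cmd;
    $cmd =~ s/\r?\n\z//;
    my %handlers = (STATUS => sub { "OK up\n" });   # fixed allow-list
    my $h = $handlers{$cmd};
    print {$conn} $h ? $h->() : "ERR unknown command\n";
    close $conn;
    exit 0;
}

# Client side: with the tunnel up, $port would be the local forward port.
close $listener;
my $sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1', PeerPort => $port, Proto => 'tcp',
) or die "connect failed: $!";
print {$sock} "STATUS\n";
my $reply = <$sock>;
print "server replied: $reply";
close $sock;
waitpid($pid, 0);
```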